Hacker reverse-engineered ACMA blacklist

An Australian Communications and Media Authority (ACMA) executive has told a Senate Estimates hearing that the alleged leak of its blacklist in March was the result of a hacker reverse-engineering a Family Friendly filter.

This story initially reported that
filters used by Family Friendly ISPs had been reverse engineered.
Ms O'Loughlin was actually referring to Family Friendly filter
vendors.

update An Australian Communications and Media Authority (ACMA)
executive has told a Senate Estimates hearing that the alleged leak
of its blacklist in March was the result of a hacker
reverse-engineering a Family Friendly filter.

"We started off very much concerned about our internal process,
but then as more information came to us it became very clear that
where the alleged list was acquired from was actually from the
filter itself," Nerida O'Loughlin, ACMA's general manager of its
Industry Outputs Division told the Senate Estimates hearing on
Monday.

ACMA's investigation into the leak revealed one of the filters
on the Internet Industry Association's Family Friendly filter list
was "reverse engineered" to produce the blacklist that was leaked.
Family Friendly filter vendors include Microsoft, f-secure, McAfee
and Trend Micro amongst others.

Shortly after the alleged leak, Minister for Communications
Stephen Conroy said the list was not current, but an older version
that ACMA had used. The leaked list contained some 2395 web pages
whereas the list at the time of the leak contained 1061 URLs.
ACMA's current list issued to Family Friendly ISPs contains just
977 web pages.

The leak prompted a review of security arrangements around how
ACMA sends out the weekly update of the blacklist, which it claimed
is "always encrypted" before sending. Participating vendors are
typically notified that a new list is available and are provided a
password to access it.

ACMA also asked the vendors to submit details on how the
blacklist is handled once it had been received, though only eight
of the 13 participants responded, said O'Loughlin.

"We asked them to provide information back to the ACMA with
regard to any security vulnerabilities. We stopped distributing the
list at that point in time until we were satisfied that we had
information from those vendors as to what they would put in place,"
said O'Loughlin.

O'Loughlin said the matter had been referred to the Australian
Federal Police in the past few weeks.